Creating a secure application involves more then just applying Spring Security to it. This is of course not a new topic, but with the increased popularity of much more dynamic configurations for Servlet Containers and various Spring Projects, like Spring MVC and Spring Integration, it becomes more important to know about the Security tradeoffs we might get with that, and how to tackle them.